2️⃣2️⃣ Here's the 22nd post highlighting key new features of the recently released v259 release of systemd. #systemd259 #systemd

In v258 systemd-nspawn gained support for running unpriviled containers from directories owned by the "foreign" UID range. To get container images owned by that you had to manually chown() the images (recursively), for example via systemd-dissect --shift. And while the systemd-nspawn invocation is not privileged, that re-chown()-ing definitely has requires privileges.